“I don’t necessarily trust my childcare”: Securing Electronic & Physical Sensitive Information

Published by Laurian Vega
There is a need in HCI to study how issues of trust and privacy can and do affect the ad hoc negotiation of security rules and how they are managed by humans in actual practice. In this paper we present some initial studies, interviews and observations, to examine the physical and electronic security practices of childcares and medical offices. We show that the issues of human-mediated monitoring, information redundancy, and the creation of a community of trust all affect aspects of the human-side of security.
Published by: Laurian Vega on Jun 01, 2010
Copyright: Attribution Non-commercial

05/12/2014

“I don’t necessarily trust my childcare”: Securing Electronic & Physical Personal Information
Laurian Vega, Tom DeHart, Steve Harrison, Dennis Kafura
Center for Human Computer Interaction, Computer Science
2202 Kraft Drive
Virginia Tech, Blacksburg, VA
{Laurian, SRH, Kafura}@vt.edu, TDehart@gmail.com
There is a need in HCI to study how issues of trust and privacy can and do affect the ad hoc negotiation of security rules and how they are managed by humans in actual practice. In this paper we present some initial studies, interviews and observations, to examine the physical and electronic security practices of childcares and medical offices. We show that the issues of human-mediated monitoring, information redundancy, and the creation of a community of trust all affect aspects of the human-side of security.
1. PROBLEM & MOTIVATION
Traditionally, electronic and physical security was thought of as rules, locks, and passwords. More recently, security research has explored how security is part of a larger socio-technical system [7] that involves people working with technology and their environments to create safe systems. When examining security as one part, or as a supporting mechanism, of a socio-technical system, issues of trust, privacy, and negotiation start to appear. It is our goal therefore to look at how these socio-technical factors affect actual practice to provide insight into designing effective security measures.

We examine information rich environments that involve significant amounts of collaboration with sensitive information documentation, access, and retrieval. The two domains that we have explored are childcares, where both parents and childcares provide information about a child’s developmental and physical progress, and small medical practices, where patients and medical staff provide information about the patient’s health. In this poster we present the initial findings from interviews and observation studies in these domains.
2. BACKGROUND
A plethora of research is emerging to explore the human-side of security. Bellotti and Sellen [1] created a design framework for looking at the security aspects of user feedback and control when creating ubiquitous technologies. Similarly, the work of Flechais et al. [4] demonstrated the difference between social and technical security measures. By their definitions, security measures are progressive and adaptive yet are unreliable due to emotions and circumstances. Technical security, on the other hand, works well on repetitive tasks, but is less flexible in unknown cases. In our studies we explore how security is affected by technical and social measures in order to provide insight to design.

Dourish and Anderson [2] approach security from a social science perspective to emphasize that security is a practical phenomenon and discursive practice. Dourish and Anderson’s work is similar to ours in that it focuses on the idea of practice being central to understanding how work really gets done securely [6].

There is prior work to understand how child and health care can be designed from a user perspective. The qualitative design work of Kientz et al. [5] demonstrated the parent’s need to document a child’s milestones and relevant medical information. They found that design issues such as ‘providing a reliable information source’ were central. Our work builds on this work in that we stress the collaborative nature of documenting information about children. In the broad realm of research on healthcare, the work of Reddy and Dourish [9] demonstrates how practice can affect information dissemination and communication in hospitals. In their paper temporal rhythms are proposed to explain community patterns in seeking, providing, and managing information. Our work is in a similar information area and uses a similar method, but our focus extends to how security is affected.
3. METHOD
Four studies were conducted using interviews and observations to explore security issues involved in the practice of collaborative sensitive information management. Basic dimensions of these studies are in Table 1. The summer studies involved interviews with the directors along with guided tours of their workplaces. Four childcare directors were selected for the second study as the representatives of the strongest information practices (i.e. least violations, clear information practices). These follow-up interviews lasted approximately 45 minutes. Two to four observation sessions lasting 2-3 hours each were conducted following the interviews. All interviews and observations were transcribed.

All participants were from the southwest area of Virginia. This area is rural, yet technologically impacted by the proximity to the University. Waitlists exist for the best childcares and medical practices. All directors were recruited through a comprehensive list of all area businesses; the response rates were 55% for childcares, and 26% for medical practices - not including the hospitals. Parents were recruited through listservs, flyers, and company newsletters. The only incentives provided to participate were offered to parents; parents were paid ten dollars.

Grounded theory was used for analysis. Grounded theory is a method of evaluating ethnographic data through the use of codes by sorting findings into “themes”. Themes then inform the research as data findings. (See [3] for a thorough explanation.) All data from the studies were coded by at least two researchers.

                | Childcare Directors                    | Medical Personnel   | Parents
When            | 5/09 - 12/09                           | 5/09 9/09           | 9/09 12/09
Number + Gender | Sum= 11F, 1M; Fall= 4W                 | 8W, 4M              | 18W, 3M
Method          | Interviews: 30 – 60 min; Observation   | Interviews: 30 min  | Interviews: 30 min
Location        | Place of work                          | Place of work       | Place of convenience

Table 1. Dimensions of four studies by participant type, when conducted, study, method, and location.
4. RESULTS
Human-Mediated Information Monitoring
The central nucleus of information being stored and managed about a patient or a child is located in their file. The centers in our studies kept the files in expansive filing shelves, or in filing cabinets. The location of the director’s office was either in the same space as the files, or directly next to the files. Indeed, accessing, searching, and managing the files is a large part of the role of the director. However, the role of director also extends to mediating the access and use of the files by others in the center.

In the case of childcares, there are instances when teachers or parents want to be able to look at a file. One director said, “When a teacher comes in and wants access to a file they have to come through me first and they have to tell me their reason basically, you know, why do you need to go in there?” This director is explaining how she monitors access to the files in a method that is more than simply checking access rights to information. She is additionally checking the teacher’s goal, which extends into managing information privacy. The director’s function is to mediate the information seeker’s goal in a way that is flexible, negotiated, and determined in a case-by-case fashion to best balance the need for information for work with the need to keep information private.
Information Redundancy as a Form of Security
Beyond the physical file containing information about a child or patient, there is information kept in other locations. From a security perspective having only one instance to protect is the simplest case. When information, however, becomes dispersed to better support individual practice, security becomes more difficult to manage due to numerous access points.

In both medical and child practices there were instances where information was outside the file. These include having a physical and an electronic file, having a file for billing and a file for medical history, having files for one patient between two medical centers, having information on hand in different spaces, and having electronic copies stored in an off-site location. One director explains duplicating information in multiple office locations, “We fax patient information back and forth... That happens hundreds of times a day…. Always with the big disclaimer this is medically protected information, and this is intended for so-and-so only.” She explains that someone then files the appropriate information and the remainder is shredded. This duplication of information functions to make sure that information is ready at hand when necessary for work and ensures that if the information is lost it is reproducible. Understanding what information is going to be kept in what space or form, and who has access to those instances is something that is determined by the function of the information and also the context surrounding the information use.
Community of Trust
To balance the need for access to information with the need to keep information secure, communities of trust were created within the centers we studied. One aspect of security that we asked about was the use of passwords. Computers, when used for accessing patient information, were generally in the director’s space, or the doctor’s office. Of those medical centers that used electronic systems, only seven (29%) had individual passwords. When asked why, a director said, “They can access anything. That’s their job.” This statement emphasizes that to be able to do the work required for the job, levels of security have to become normalized to function. Another example comes from the locking of physical filing cabinets. It is the official policy that filing cabinets containing files should be locked when the director is absent: “[files are] all kept in here in a cabinet that's locked when I’m not here and the door is locked as well.” The use of a key was, however, never observed.

These examples are not work-around security practices. They are, instead, examples of how communities establish and negotiate what needs to be made secure. It is a demonstration of contextual integrity [8] playing its role in facilitating communities of people trusting one another in situ.
5. Discussion and Design Implications
Security and work practices are not in conflict with one another. What our research has demonstrated is that practice is what is enacted after security rules are put in place. It is through creating a community that values security, that the rules can be understood.

At this stage we are starting to develop the tentative design implications for creating security solutions. The first involves understanding how a person-based and space-based hub of information can still function as a secure place if and when files become electronic. Will people still work through the human-mediated monitoring of the files? It is our belief that one person will still work closely with the file system and allow people limited temporary and decaying access. Access should be negotiated, as it is now, to still support community standards. The second design implication is that of reciprocity in knowing by whom and when a patient or child’s files are being accessed; if you can see my files, I should at least be able to see your information. Additionally, as technology use grows electronic systems should not obfuscate the community standards so that the community of trust can continue to function.

Overall, the major implication for our findings is that electronic and physical security should be flexible to represent the shifting context of access and management of information.
6. CONCLUSIONS & CONTRIBUTION
Through our preliminary studies of child and health care practices we have shown that there is a balance between needing to get work done with needing to keep information secure. Three themes were explored to demonstrate how this balance is negotiated in practice to create functioning secure work places. We believe that our approach, while preliminary, offers valuable insight to furthering research on how understanding practice affects the design of secure systems.
7. REFERENCES
[1] Bellotti, V. and A. Sellen. Design for Privacy in Ubiquitous Computing Environments. in Proceedings of the Third Conference on European Conference on Computer-
